package org.jflame.context.security.mask;

import org.jflame.commons.util.StringHelper;
import org.jflame.context.security.SecurityFacade;

/**
 * 默认的数据脱敏权限策略,如果给定了数据权限标识则判断有无该权限, 否则根据角色判断是否需要脱敏
 * 
 * @author charles.zhang
 */
public class DefaultMaskPolicy implements DataMaskPolicy {

    /**
     * 有权限查看原始数据的角色,这些角色无需数据脱敏
     */
    private String[] roleWhitelist;

    public DefaultMaskPolicy(String... roleWhitelist) {
        this.roleWhitelist = roleWhitelist;
    }

    @Override
    public boolean requireMask(String dataId) {
        if (StringHelper.isNotEmpty(dataId)) {
            if (SecurityFacade.hasAuthority(dataId)) {
                return false;
            }
        } else {
            if (roleWhitelist != null && SecurityFacade.hasAnyRole(roleWhitelist)) {
                return false;
            }
        }
        return true;
    }

    public String[] getRoleWhitelist() {
        return roleWhitelist;
    }

    public void setRoleWhitelist(String[] roleWhitelist) {
        this.roleWhitelist = roleWhitelist;
    }

}
